Date: Wed, 21 May 2008 11:34:42 -0800
From: Jonathan Smith <smithj@...ethemallocs.com>
To: oss-security@...ts.openwall.com
CC: chris@...ry.beasts.org
Subject: Re: vsftpd CVE-2007-5962 (Red Hat / Fedora specific)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tomas Hoger wrote:
| This is just a heads-up. We are releasing updated vsftpd packages
| containing a fix for a minor memory leak identified by CVE-2007-5962.

The memory leak itself is CVE-2007-5962? Or is the CVE for the original
issue where deny_hosts didn't work as expected? It doesn't seem to be
public.

| The issue occurred because of the Red Hat / Fedora specific patch
| which, according to information from our vsftpd maintainer, is not in
| upstream. I also checked few major vendors, it seems no one is using
| the patch.

rPath/Foresight does :-/

| More details in our BZ:
|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-5962

Thanks for the heads-up.

smithj
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkg0eVEACgkQCG91qXPaRemHagCfck874lv1ONGXaZPPGRWo0i6x
R3AAnRE/9lpHs8D4NAYSV59MudHSoLRy
=ZSXA
-----END PGP SIGNATURE-----